Analysis of BSC Chain Attack on Level.Finance Project
According to reports, according to the Beosin EagleEye security risk monitoring, warning, and blocking platform monitoring under the blockchain security audit company Beosin, the L
According to reports, according to the Beosin EagleEye security risk monitoring, warning, and blocking platform monitoring under the blockchain security audit company Beosin, the Level on the BSC chain on May 2, 2023__ The Finance project was attacked and lost up to $1 million in funds. By analyzing the code, it was found that the attacker’s address is 0x61bb 12e created attack contract 0xf08a 629, then the claimMultiple function of the attacked contract 0x9770… 63a was called using the attack contract. Due to the fact that the attacked contract did not clear the corresponding users ledger after calculating the users reward, the claimed reward of the same epoch can be repeatedly claimed. The attacker repeatedly calls the function using the same epoch to repeatedly retrieve the Level Token, and then swaps the received Level Token into 3345 BNBs (approximately $1.09 million) in multiple pairs. The stolen funds are still stored in the attacker’s address (0x70319d1c09e1373fc7b10403c852909e5b20a9d5), and Beosin will continue to monitor the stolen funds.
Security team: The stolen funds of Level Finance on the BSC chain are still stored in the attacker’s address
Introduction
Blockchain technology has revolutionized the financial industry and has made financial transactions more secure and reliable. However, as with any technology, there are loopholes. According to Beosin EagleEye, a blockchain security audit company, Level.Finance project on the Binance Smart Chain (BSC) experienced an attack on May 2, 2023, resulting in a loss of $1 million in funds. This attack highlights the need for robust security measures to ensure the safety of funds in the blockchain ecosystem.
Attack Details
The Level.Finance project was attacked using a smart contract deployed by the attacker. The attacker’s address was 0x61bb12e, and the attack contract deployed was 0xf08a629. The attacker used the claimMultiple function of the attacked contract 0x977063a to claim rewards multiple times due to the attacked contract’s failure to clear the ledger after calculating the users’ reward.
As a result, the attacker was able to repeatedly claim the same epoch’s reward and retrieve Level Tokens. The attacker then swapped these Level Tokens into 3345 BNBs (approx. $1.09 million) in multiple pairs. The attacker is still in possession of the stolen funds, which are stored in the address 0x70319d1c09e1373fc7b10403c852909e5b20a9d5.
Analysis
The attack on the Level.Finance project highlights the need for stronger security measures when deploying a smart contract. The failure to clear the ledger after calculating the user’s reward was a significant flaw in the design of the attacked contract, which allowed the attacker to claim rewards repeatedly.
This attack also highlights the importance of monitoring the blockchain ecosystem to detect and prevent such attacks promptly. Beosin EagleEye’s ability to monitor, warn, and block such security risks is commendable, and such tools need to be developed further to prevent such attacks in the future.
Prevention Measures
It is crucial to ensure a smart contract’s robust design and thoroughly test it before deployment to prevent attacks. Security audits must be mandatory before a project can be deployed on the blockchain. Companies must employ security experts to constantly monitor their systems and identify any vulnerabilities.
In addition, users must follow basic safety guidelines, such as storing their private keys in secure locations and using two-factor authentication to access their wallets.
Conclusion
The attack on the Level.Finance project is a reminder that blockchain technology, while promising, is still in its infancy, and security measures must be continuously improved to ensure the safety of funds in the blockchain ecosystem. Companies must take proactive measures to secure their systems and employ industry experts to monitor for vulnerabilities and prevent such attacks from happening.
FAQs
1. What is Beosin EagleEye?
Beosin EagleEye is a security risk monitoring, warning, and blocking platform that provides real-time protection for blockchain-based systems.
2. What is Binance Smart Chain (BSC)?
Binance Smart Chain (BSC) is a high-performance blockchain designed for running smart contracts and decentralized applications.
3. How can users safeguard their funds in the blockchain ecosystem?
Users can safeguard their funds in the blockchain ecosystem by following basic safety guidelines such as storing their private keys in secure locations, using two-factor authentication to access their wallets, and being cautious when interacting with unknown wallets or smart contracts.
This article and pictures are from the Internet and do not represent qiAiAi's position. If you infringe, please contact us to delete:https://www.qiaiai.com/crypto/19701.html
It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.
Related recommendations
-
Public Casting of Ubisoft Rabids NFT Officially Begins on Polygon Chain
On February 22, the Sandbox announced on social media that the public casting of Ubisoft Rabids (Crazy Rabbit) NFT has now officially started. The Rabids NFT w…
-
Data: ParaFi Capital transferred 2000 MKRs to Coinbase 2 hours ago
According to reports, according to Spoton Chain data, the address marked as ParaFiCapital unlocked 5000 MKRs 5 hours ago and transferred 2000 of them (approximately $1.43 million)
-
Title: Euler Finance Attacker Steals $37.1 Million in Ethereum and Dai
On March 28th, it was reported that at 2:21 a.m. Beijing time today, the Euler Finance attacker\’s address sent 7738.05 ETHs (approximately $13.2 million) to the Euler deployer\’s ad
-
Florida Man Admits to US $55 Million Blockchain Investment Fraud Scheme
It is reported that a Florida man admitted on Friday that he had planned a blockchain investment fraud scheme involving US $55 million. According to a press re…
-
Under what circumstances will Bitcoin be frozen
When Bitcoin will be frozen after being hacked, some users find themselves unable to use their private keys. They believe that not letting others know that they have Bitcoin in their wallets may cause serious losses and impacts According to a recent report by encryption analysis company Chainalysis, due to network security reasons (such as malware, phishing emails, and other factors) and various other factors, most exchanges are currently unable to access users’ private keys or funds, resulting in many Bitcoin transactions being subjected to “terrifying” situations: when Bitcoin is stolen, these accounts usually transfer from their wallets to another address; At this point, the platform seems to have handed over control to third-party custodians to protect them, so there may be a loophole – the risk of freezing Bitcoin accounts To prevent this from happening, Coinbase is launching a service for its customers that allows them to exchange digital assets with other institutions through electronic means; Then they plan…
-
Filecoin Launches FVM to Enable Smart Contracts and User-Programmability
According to the report, the official social media account of Filecoin wrote, “FVM was successfully launched. As of the time of press release, the Filecoin blockchain now supports smart contracts and user programmability.” Filecoin: FVM is online, and Filecoin now supports smart contracts Analysis based on this information:The official social media account of Filecoin recently announced the successful launch of Filecoin Virtual Machine (FVM), which enables smart contracts and user-programmability within the Filecoin blockchain. This significant development provides a new level of flexibility and functionality within the Filecoin ecosystem that can spur innovation and growth. Smart contracts are self-executing contracts that allow for the automated execution and enforcement of agreements between parties without the need for intermediaries. They have become an essential feature of many blockchain networks, providing a secure and transparent way to conduct transactions, manage assets, and enforce agreements. By adding support for smart contracts, Filecoin can now enable a wide range of decentralized applications (dApps) that can…
-
SHIB worth approximately $40284435 transferred from unknown wallet to another unknown wallet
According to reports, data shows that 3484812794902 SHIB (worth approximately $40284435) has been transferred from an unknown wallet to another unknown wallet.
SHIB worth approxima -
Voyager Continues to Transfer Assets into Coinbase and Withdraw Stable Currency
According to reports, Twitter user Yu Jin tweeted that today, Voyager continued to transfer assets into Coinbase and withdraw stable currency, of which a total…
-
#Understanding the Meteoric Rise of Arbitrum One’s Transaction Volume
According to reports, according to Dune Analytics data, the total transaction volume of Arbitrum One has exceeded 200 million, reaching 203157058 at the time of writing. Historical
-
What does a Bitcoin node mean (What a Bitcoin node cannot do)
A Bitcoin node refers to a system composed of one or more computers that work t